CVE-2014-3581

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

Published: Oct 10, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3581
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
apache / http_server	2.4.1	2.4.1.x
apache / http_server	2.4.6	2.4.6.x
apache / http_server	2.4.3	2.4.3.x
apache / http_server	2.4.4	2.4.4.x
apache / http_server	2.4.10	2.4.10.x
apache / http_server	2.4.7	2.4.7.x
apache / http_server	2.4.2	2.4.2.x
apache / http_server	2.4.9	2.4.9.x
canonical / ubuntu_linux	14.10	14.10.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	10.04	10.04.x
canonical / ubuntu_linux	12.04	12.04.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_server_tus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.4	7.4.x
redhat / enterprise_linux_eus	7.3	7.3.x
redhat / enterprise_linux_eus	7.4	7.4.x
redhat / enterprise_linux_eus	7.5	7.5.x
redhat / enterprise_linux_server_tus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.6	7.6.x
redhat / enterprise_linux_eus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.7	7.7.x
redhat / enterprise_linux_server_tus	7.7	7.7.x
redhat / enterprise_linux_eus	7.7	7.7.x
oracle / enterprise_manager_ops_center	12.2.1	12.2.1.x
oracle / enterprise_manager_ops_center	12.3.0	12.3.0.x
oracle / enterprise_manager_ops_center	12.2.0	12.2.0.x
oracle / linux	6	6.x
oracle / enterprise_manager_ops_center	-	12.1.4

Vulnerability Database

289,689

CVE-2014-3581